Information Security Awareness at Saudi Arabians’ Organizations

2012 ◽  
Vol 6 (3) ◽  
pp. 38-55 ◽  
Author(s):  
Zakarya A. Alzamil
Keyword(s):  
Information Security ◽  
Public Relations ◽  
The State ◽  
Security Threats ◽  
Security Awareness ◽  
Organizational Attitudes ◽  
Information Security Awareness ◽  
It Employees ◽  
Awareness Programs ◽  
Saudi Arabians

Information security awareness is human and organizational attitudes which can be described as a behavior or an attitude of an organization and/or its members towards protecting the organization’s information assets. The goal of this paper is to understand the state of the information security awareness at some of the Saudi Arabians’ organizations, i.e., governments and privates by investigating the perception of their information technology’s employees. The author believes that understanding the state of information security awareness of IT employees can give a better understanding of the level of awareness at the entire organization. The results of this study show that most of the IT employees at the surveyed organizations have some misconceptions about information security practices. In addition, many responses indicated that many IT employees are not aware of the internal information security threats. Such results required very urgent actions from the top management of these organizations to consider the information security awareness programs within their public relations and training programs.

scholarly journals Building an effective information security awareness program

2020 ◽  
Vol 338 ◽  
pp. 189-200
Author(s):  
Ildikó Legárd
Keyword(s):  
Information Security ◽  
Human Factor ◽  
Significant Risk ◽  
Security Awareness ◽  
Security Culture ◽  
Information Security Awareness ◽  
Weakest Link ◽  
Awareness Program ◽  
Awareness Programs ◽  
And Behavior

Many researchers and experts in the field of information security agree that the user is the weakest link in an organization’s chain of information security. Even if the system’s and the stored data’s physical and logical protection is well developed, the human factor exposes security to significant risk. The effective protection against the threats is to provide security awareness through implementing a well-developed and successful Information Security Awareness Program. Although organizations are able to recognize the importance of information security awareness, the implementation of the awareness programs can be difficult. The aim of this study is to help organizations to develop an effective Information Security Awareness Program tailored to the characteristics of the organization. The paper presents how we can build a program that influences and improves the user’s knowledge, attitude and behavior the most towards information security and makes positive changes in the security culture of an organization. To achieve that goal, the study identifies the key elements of the implementation, compares traditional awareness programs with modern trainings and highlights the importance of communication channels and methods. There is no single solution to improve information security, the essay summarizes and shows the most effective techniques that experts can use in order to seize the user’s attention toward information security, to establish credibility and trust, and to motivate action.

Information Security Awareness

2009 ◽  
pp. 307-324 ◽  
Author(s):  
Gary Hinson
Keyword(s):  
Information Security ◽  
Technical Information ◽  
Security Awareness ◽  
Educational Activities ◽  
Security Culture ◽  
Information Security Awareness ◽  
Security Controls ◽  
Employee Communications ◽  
Awareness Programs ◽  
Security Awareness Training

This chapter highlights the broad range of factors that are relevant to the design of information security awareness programs, primarily by reference to the literature. It emphasizes the need to supplement technical information security controls with security awareness, training and educational activities to address human vulnerabilities. It outlines requirements noted in standards, laws and regulations, and explains the value of motivational employee communications techniques in creating a security culture.

scholarly journals A Reliable Measure of Information Security Awareness and the Identification of Bias in Responses

2017 ◽  
Vol 21 ◽  
Author(s):  
Agata McCormac ◽  
Dragana Calic ◽  
Marcus Butavicius ◽  
Kathryn Parsons ◽  
Tara Zwaans ◽  
...  
Keyword(s):  
Information Security ◽  
Security Awareness ◽  
Cultural Changes ◽  
Information Security Awareness ◽  
Training Interventions ◽  
Human Aspects ◽  
Current State ◽  
Awareness Programs ◽  
Test Retest Reliability ◽  
Security Incidents

The Human Aspects of Information Security Questionnaire (HAIS-Q) is designed to measure Information Security Awareness. More specifically, the tool measures an individual’s knowledge, attitude, and self-reported behaviour relating to information security in the workplace. This paper reports on the reliability of the HAIS-Q, including test-retest reliability and internal consistency. The paper also assesses the reliability of three preliminary over-claiming items, designed specifically to complement the HAIS-Q, and identify those individuals who provide socially desirable responses. A total of 197 working Australians completed two iterations of the HAIS-Q and the over-claiming items, approximately 4 weeks apart. Results of the analysis showed that the HAIS-Q was externally reliable and internally consistent. Therefore, the HAIS-Q can be used to reliably measure information security awareness. Reliability testing on the preliminary over-claiming items was not as robust and further development is required and recommended. The implications of these findings mean that organisations can confidently use the HAIS-Q to not only measure the current state of employee information security awareness within their organisation, but they can also measure the effectiveness and impacts of training interventions, information security awareness programs and campaigns. The influence of cultural changes and the effect of security incidents can also be assessed. 

Information Security Awareness in Academia

2011 ◽  
Vol 2 (4) ◽  
pp. 1-17
Author(s):  
Peter Korovessis
Keyword(s):  
Information Technology ◽  
Information Security ◽  
Social Engineering ◽  
The State ◽  
Security Awareness ◽  
University Environment ◽  
Information Security Awareness ◽  
Sample Data ◽  
Rapid Pace ◽  
Academic Sector

Information security has become an established discipline as more and more businesses realize its value. Many surveys have indicated the importance of protecting valuable information and an important aspect that must be addressed in this regard is information security awareness. The academic sector is one that regularly addresses information security awareness. Because many successful security intrusions are the result of either social engineering or user complacency, there is a need for students in non IT-related disciplines to become as security literate as possible. The proposed research investigates the level of security awareness amongst the online population. For this reason sample data from a university environment was used in order to examine the state of information security awareness in the academic sector and investigate the awareness needs of students. Since information technology grows at a rapid pace, it is important for the academic sector to identify new trends and developments in information security and adapt the curricula appropriately.

scholarly journals EFFECTIVE METHODS FOR SUCCESSFUL INFORMATION SECURITY AWARENESS

2021 ◽  
Vol 9 (1) ◽  
pp. 108-127
Author(s):  
Ildikó Legárd
Keyword(s):  
Information Security ◽  
Technological Development ◽  
Real Life ◽  
Communication Channels ◽  
Security Awareness ◽  
Effective Solution ◽  
Information Security Awareness ◽  
Interactive Games ◽  
Awareness Programs ◽  
Digital Competencies

Information security awareness is becoming increasingly important these days. It is not enough to have a well-developed physical and logical protection of the  system and stored data; the users of these systems have to keep up with  technological development and have to be sufficiently aware or cautious when  using these systems. Information Security Awareness Programs provide the most  effective solution for the improvement of users’ information security knowledge  and digital competencies. The aim of this study is to help organisations in finding  and providing an effective way of knowledge transfer. The study identifies the key  elements of the implementation of the awareness programs and highlights the  importance of communication channels and methods. The essay summarises and  shows the most effective techniques that experts can use in order to draw the user’s attention toward information security, like real-life simulation scenarios,  interactive games, themed awareness videos and other gamification techniques. 

Information Security Awareness in Academia

2013 ◽  
pp. 88-104
Author(s):  
Peter Korovessis
Keyword(s):  
Information Technology ◽  
Information Security ◽  
Social Engineering ◽  
The State ◽  
Security Awareness ◽  
University Environment ◽  
Information Security Awareness ◽  
Sample Data ◽  
Rapid Pace ◽  
Academic Sector

Information security has become an established discipline as more and more businesses realize its value. Many surveys have indicated the importance of protecting valuable information and an important aspect that must be addressed in this regard is information security awareness. The academic sector is one that regularly addresses information security awareness. Because many successful security intrusions are the result of either social engineering or user complacency, there is a need for students in non IT-related disciplines to become as security literate as possible. The proposed research investigates the level of security awareness amongst the online population. For this reason sample data from a university environment was used in order to examine the state of information security awareness in the academic sector and investigate the awareness needs of students. Since information technology grows at a rapid pace, it is important for the academic sector to identify new trends and developments in information security and adapt the curricula appropriately.

Sign in / Sign up

Export Citation Format

Share Document